UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTIONUNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTIONUNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
UNDER CONSTRUCTION
Adapun DNS Server yang akan dibuat berada dalam jaringan dengan alokasi IP Address seperti berikut ini.
DMZ Area : 172.16.16.0/24
Clients IP : 192.168.0.0/16
DNS Master : 172.16.16.100
DNS Slave : 192.168.1.126, 192.168.99.126, 192.168.100.26
Konfigurasi DNS Master dan Slave Host sebelumnya dapat dilihat di : http://havizul.blogspot.com/2015/05/ubuntu-server-1204-bag-1-konfigurasi.html
Sekarang kita akan mengkonfigurasi DNS Slave pada host 192.168.100.26.
root@log-cstorage:/home/it# cat /etc/os-release
NAME="Ubuntu"
VERSION="14.04.2 LTS, Trusty Tahr"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 14.04.2 LTS"
VERSION_ID="14.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
root@log-cstorage:/home/it# ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:89:e5:42
inet addr:192.168.100.26 Bcast:192.168.100.63 Mask:255.255.255.192
inet6 addr: fe80::a00:27ff:fe89:e542/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3930 errors:0 dropped:0 overruns:0 frame:0
TX packets:3466 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:447589 (447.5 KB) TX bytes:379719 (379.7 KB)
root@log-cstorage:/home/it# aptitude remove apparmor apparmor-utils
root@log-cstorage:/home/it# /etc/init.d/apparmor stop
* Clearing AppArmor profiles cache [ OK ]
All profile caches have been cleared, but no profiles have been unloaded.
Unloading profiles will leave already running processes permanently
unconfined, which can lead to unexpected situations.
To set a process to complain mode, use the command line tool
'aa-complain'. To really tear down all profiles, run the init script
with the 'teardown' option."
root@log-cstorage:/home/it# /etc/init.d/apparmor teardown
* Unloading AppArmor profiles [ OK ]
root@log-cstorage:/home/it# update-rc.d -f apparmor remove
Removing any system startup links for /etc/init.d/apparmor ...
/etc/rcS.d/S37apparmor
==================================================================
INSTALL DNS SLAVE
==================================================================
root@log-cstorage:/home/it# apt-get install bind9
root@log-cstorage:/home/it# cp /etc/bind/named.conf /etc/bind/named.conf.asli
root@log-cstorage:/home/it# cp /etc/bind/named.conf.options /etc/bind/named.conf.asli
root@log-cstorage:/home/it# cp /etc/bind/named.conf.local /etc/bind/named.conf.local.asli
root@log-cstorage:/home/it# cp /etc/bind/named.conf.default-zones /etc/bind/named.conf.default-zones.asli
root@log-cstorage:/home/it# vim /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
logging {
channel my_syslog {
syslog daemon;
severity info;
};
channel my_query {
file "/var/log/bind/query.log";
severity dynamic;
};
channel my_sec {
file "/var/log/bind/sec.log";
severity dynamic;
};
category default { null; };
category security { my_syslog; my_sec; };
category queries { my_query; };
};
root@log-cstorage:/home/it# vim /etc/bind/named.conf.options
root@log-cstorage:/home/it# cat /etc/bind/named.conf.options
acl internals-recursion
{
127.0.0.0/8; # Untuk localhost
192.168.0.0/16; # Untuk client internal
172.16.16.0/24; # Untuk host DMZ
};
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
#auth-nxdomain no; # conform to RFC1035
auth-nxdomain yes;
allow-recursion { "internals-recursion"; };
empty-zones-enable yes;
listen-on-v6 { any; };
};
root@log-cstorage:/home/it# vim /etc/bind/named.conf.local
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
acl internals
{
127.0.0.0/8; # Untuk localhost
192.168.0.0/16; # Untuk client internal
172.16.16.0/24; # Untuk host DMZ
};
view "internal"
{
match-clients { internals; };
recursion yes;
zone "wanasl.lcl"
{
type slave;
file "/var/cache/bind/db.wanasl.lcl";
masters { 172.16.16.106; };
allow-notify { 172.16.16.106; };
};
zone "16.16.172.in-addr.arpa"
{
type slave;
file "/var/cache/bind/db.16.16.172.in-addr.arpa";
masters { 172.16.16.106; };
allow-notify { 172.16.16.106; };
};
zone "168.192.in-addr.arpa"
{
type slave;
file "/var/cache/bind/db.168.192.in-addr.arpa";
masters { 172.16.16.106; };
allow-notify { 172.16.16.106; };
};
};
root@log-cstorage:/home/it# vim /etc/bind/named.conf.default-zones
root@log-cstorage:/home/it# cat /etc/bind/named.conf.default-zones
acl internals-default
{
127.0.0.0/8; # Untuk localhost
192.168.0.0/16; # Untuk client internal
172.16.16.0/24; # Untuk host DMZ
};
view "internal-default"
{
match-clients { internals-default; };
recursion yes;
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
};
root@log-cstorage:/home/it# mkdir /var/cache/bind
root@log-cstorage:/home/it# chown root.bind /var/cache/bind
root@log-cstorage:/home/it# chmod 0775 /var/cache/bind
root@log-cstorage:/home/it# ls -l /var/cache/ | grep bind
drwxrwxr-x 2 root bind 4096 Jun 15 10:06 bind
root@log-cstorage:/home/it# mkdir /var/log/bind
root@log-cstorage:/home/it# touch /var/log/bind/query.log
root@log-cstorage:/home/it# touch /var/log/bind/sec.log
root@log-cstorage:/home/it# chown bind /var/log/bind/*
root@log-cstorage:/home/it# ls -l /var/log/bind/
total 0
-rw-r--r-- 1 bind root 0 Jun 15 14:35 query.log
-rw-r--r-- 1 bind root 0 Jun 15 14:36 sec.log
root@log-cstorage:/home/it# ls -l /var/cache/bind/
total 4
-rw-r--r-- 1 bind bind 720 Jun 15 08:11 managed-keys.bind
root@log-cstorage:/home/it# /etc/init.d/bind9 restart
* Stopping domain name service... bind9 waiting for pid 915 to die
[ OK ]
* Starting domain name service... bind9
root@log-cstorage:/home/it# ls -l /var/cache/bind/
total 20
-rw-r--r-- 1 bind bind 720 Jun 15 14:37 3bed2cb3a3acf7b6a8ef408420cc682d5520e26976d354254f528c965612054f.mkeys
-rw-r--r-- 1 bind bind 512 Jun 15 14:37 3bed2cb3a3acf7b6a8ef408420cc682d5520e26976d354254f528c965612054f.mkeys.jnl
-rw-r--r-- 1 bind bind 720 Jun 15 14:37 4aa7fb58c29ddddec18a776e8b0c92debe019418308fa9ee16850e65c6d1b895.mkeys
-rw-r--r-- 1 bind bind 512 Jun 15 14:37 4aa7fb58c29ddddec18a776e8b0c92debe019418308fa9ee16850e65c6d1b895.mkeys.jnl
-rw-r--r-- 1 bind bind 720 Jun 15 08:11 managed-keys.bind
Agar database pada name server master terduplikasi ke dns slave ini, maka tambahkan entri ip address 192.168.100.26 pada parameter "allow-transfer" dan "also-notify" seperti berikut ini.
it@ns:~$ cat /etc/os-release
NAME="Ubuntu"
VERSION="12.04.5 LTS, Precise Pangolin"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu precise (12.04.5 LTS)"
VERSION_ID="12.04"
it@ns:~$ ifconfig
eth2 Link encap:Ethernet HWaddr 4a:f8:8d:37:15:ee
inet addr:172.16.16.106 Bcast:172.16.16.127 Mask:255.255.255.224
inet6 addr: fe80::48f8:8dff:fe37:15ee/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1117093 errors:0 dropped:208 overruns:0 frame:0
TX packets:1121770 errors:0 dropped:1 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:345641851 (345.6 MB) TX bytes:400656037 (400.6 MB)
Interrupt:36
it@ns:~$ sudo vim /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
acl internals
{
127.0.0.0/8; # Untuk localhost
192.168.0.0/16; # Untuk client internal
172.16.16.0/24; # Untuk host DMZ
};
view "internal"
{
match-clients { internals; };
recursion yes;
zone "wanasl.lcl"
{
type master;
file "/var/cache/bind/db.wanasl.lcl";
allow-transfer { 192.168.99.126; 192.168.1.196; 192.168.100.26; };
also-notify { 192.168.99.126; 192.168.1.196; 192.168.100.26; };
};
zone "16.16.172.in-addr.arpa"
{
type master;
file "/var/cache/bind/db.16.16.172.in-addr.arpa";
allow-transfer { 192.168.99.126; 192.168.1.196; 192.168.100.26; };
also-notify { 192.168.99.126; 192.168.1.196; 192.168.100.26; };
};
zone "168.192.in-addr.arpa"
{
type master;
file "/var/cache/bind/db.168.192.in-addr.arpa";
allow-transfer { 192.168.99.126; 192.168.1.196; 192.168.100.26; };
also-notify { 192.168.99.126; 192.168.1.196; 192.168.100.26; };
};
};
view "external"
{
match-clients { any; };
recursion no;
zone "wanasl.lcl"
{
type master;
file "/var/cache/bind/db.wanasl.lcl.external";
};
zone "215.137.95.202.in-addr.arpa"
{
type master;
file "/var/cache/bind/db.215.137.95.202.in-addr.arpa";
};
zone "221.137.95.202.in-addr.arpa"
{
type master;
file "/var/cache/bind/db.221.137.95.202.in-addr.arpa";
};
};
it@ns:~$ sudo /etc/init.d/bind9 restart
* Stopping domain name service... bind9 waiting for pid 1729 to die
[ OK ]
* Starting domain name service... bind9 [ OK ]
Sekarang lihatlah kembali pada DNS Slave, akan terdapat file database yang diperlukan, seperti yang terdapat pada DNS Master.
root@log-cstorage:/home/it# ls -l /var/cache/bind/
total 32
-rw-r--r-- 1 bind bind 720 Jun 15 14:37 3bed2cb3a3acf7b6a8ef408420cc682d5520e26976d354254f528c965612054f.mkeys
-rw-r--r-- 1 bind bind 512 Jun 15 14:37 3bed2cb3a3acf7b6a8ef408420cc682d5520e26976d354254f528c965612054f.mkeys.jnl
-rw-r--r-- 1 bind bind 720 Jun 15 14:37 4aa7fb58c29ddddec18a776e8b0c92debe019418308fa9ee16850e65c6d1b895.mkeys
-rw-r--r-- 1 bind bind 512 Jun 15 14:37 4aa7fb58c29ddddec18a776e8b0c92debe019418308fa9ee16850e65c6d1b895.mkeys.jnl
-rw-r--r-- 1 bind bind 737 Jun 15 14:51 db.16.16.172.in-addr.arpa
-rw-r--r-- 1 bind bind 408 Jun 15 14:51 db.168.192.in-addr.arpa
-rw-r--r-- 1 bind bind 1162 Jun 15 14:51 db.wanasl.lcl
-rw-r--r-- 1 bind bind 720 Jun 15 08:11 managed-keys.bind
Silahkan arahkan komputer-komputer client terdekat agar menggunakan DNS Slave ini. Setelah komputer-komputer client menggunakan DNS Slave ini sebagai DNS Server nya, maka pada log DNS Slave ini akan tampak banyak query yang masuk seperti tampilan berikut ini.
root@log-cstorage:/home/it# tail -f /var/log/bind/query.log
client 192.168.100.161#64531 (ssl-google-analytics.l.google.com): view internal: query: ssl-google-analytics.l.google.com IN A + (192.168.100.26)
client 192.168.100.161#57415 (instagram.com): view internal: query: instagram.com IN A + (192.168.100.26)
client 192.168.100.161#56252 (ads.flurry.com): view internal: query: ads.flurry.com IN A + (192.168.100.26)
client 192.168.100.161#63521 (nelo2-col.nhncorp.jp): view internal: query: nelo2-col.nhncorp.jp IN A + (192.168.100.26)
client 192.168.100.161#63022 (api.mixpanel.com): view internal: query: api.mixpanel.com IN A + (192.168.100.26)
client 192.168.100.161#59509 (e3191.dscc.akamaiedge.net): view internal: query: e3191.dscc.akamaiedge.net IN A + (192.168.100.26)
client 192.168.100.161#56558 (gws.line.naver.jp): view internal: query: gws.line.naver.jp IN A + (192.168.100.26)
client 192.168.100.161#62649 (push-iphone.cdnlive.net): view internal: query: push-iphone.cdnlive.net IN A + (192.168.100.26)
client 192.168.100.161#50910 (path.com): view internal: query: path.com IN A + (192.168.100.26)
client 192.168.100.161#49994 (suggestqueries.l.google.com): view internal: query: suggestqueries.l.google.com IN A + (192.168.100.26)
client 192.168.100.161#62259 (ssl.google-analytics.com): view internal: query: ssl.google-analytics.com IN A + (192.168.100.26)
client 192.168.100.161#53873 (www.googleapis.com): view internal: query: www.googleapis.com IN A + (192.168.100.26)
client 192.168.100.161#61161 (push.livescore.com): view internal: query: push.livescore.com IN A + (192.168.100.26)
client 192.168.100.161#57538 (api.path.com): view internal: query: api.path.com IN A + (192.168.100.26)
client 192.168.100.161#57483 (suggestqueries.google.com): view internal: query: suggestqueries.google.com IN A + (192.168.100.26)
client 192.168.100.161#64531 (ssl-google-analytics.l.google.com): view internal: query: ssl-google-analytics.l.google.com IN A + (192.168.100.26)
client 192.168.100.161#57415 (instagram.com): view internal: query: instagram.com IN A + (192.168.100.26)
client 192.168.100.161#56252 (ads.flurry.com): view internal: query: ads.flurry.com IN A + (192.168.100.26)
client 192.168.100.161#49715 (dcache.cdnlive.net): view internal: query: dcache.cdnlive.net IN A + (192.168.100.26)
client 192.168.100.161#50206 (googleapis.l.google.com): view internal: query: googleapis.l.google.com IN A + (192.168.100.26)
client 192.168.100.161#63521 (nelo2-col.nhncorp.jp): view internal: query: nelo2-col.nhncorp.jp IN A + (192.168.100.26)
client 192.168.100.161#63022 (api.mixpanel.com): view internal: query: api.mixpanel.com IN A + (192.168.100.26)
client 192.168.100.161#59509 (e3191.dscc.akamaiedge.net): view internal: query: e3191.dscc.akamaiedge.net IN A + (192.168.100.26)
client 192.168.100.161#56558 (gws.line.naver.jp): view internal: query: gws.line.naver.jp IN A + (192.168.100.26)
client 192.168.100.161#62649 (push-iphone.cdnlive.net): view internal: query: push-iphone.cdnlive.net IN A + (192.168.100.26)
=====================================================================
Install Dan Konfigurasi LDAP Slave
=====================================================================
Untuk konfigurasi LDAP Master dapat merujuk ke : http://havizul.blogspot.com/2015/05/ubuntu-server-1204-bag-6-konfigurasi.html
Untuk konfigurasi LDAP Master - Slave dapat merujuk ke : http://havizul.blogspot.com/2015/05/ubuntu-server-1204-bag-6-konfigurasi.html
Kita mulai konfigurasi LDAP Slave.
root@log-cstorage:/home/it# vim /etc/hostname
log-cstorage.wanasl.lcl
root@log-cstorage:/home/it# vim /etc/hosts
127.0.0.1 localhost.localdomain log-cstorage
192.168.100.26 slave3-ldap.wanasl.lcl slave3-ldap
192.168.100.26 log-cstorage.wanasl.lcl log-cstorage
.
.
.
root@log-cstorage:/home/it# apt-get install slapd ldap-utils db5.3-util
Administrator password: ******** <--- Isikan Password Admin LDAP
Confirm password: ********
root@log-cstorage:/home/it# dpkg-reconfigure slapd
Omit OpenLDAP server configuration? No
DNS domain name: wanasl.lcl
Organization name: wanasl
Administrator password : -> Isi dengan password administrator sewaktu instalasi slapd atau gunakan password lain.
Confirm password: -> Sama dengan diatas
Database backend to use: HDB
Do you want the database to be removed when slapd is purged ? No
Move old database ? Yes
Allow LDAPv2 protocol ? No
root@log-cstorage:/home/it# dpkg -l | grep apache
ii apache2 2.4.7-1ubuntu4.4 amd64 Apache HTTP Server
ii apache2-bin 2.4.7-1ubuntu4.4 amd64 Apache HTTP Server (binary files and modules)
ii apache2-data 2.4.7-1ubuntu4.4 all Apache HTTP Server (common files)
ii apache2-mpm-prefork 2.4.7-1ubuntu4.4 amd64 transitional prefork MPM package for apache2
ii libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.9 amd64 server-side, HTML-embedded scripting language (Apache 2 module)
root@log-cstorage:/home/it# apt-get install phpldapadmin
root@log-cstorage:/home/it# vim /etc/phpldapadmin/config.php
.
.
.
/* Hide the warnings for invalid objectClasses/attributes in templates. */
// $config->custom->appearance['hide_template_warning'] = false;
$config->custom->appearance['hide_template_warning'] = true;
.
.
//$servers->setValue('server','host','127.0.0.1');
$servers->setValue('server','host','slave3-ldap.wanasl.lcl');
.
.
//$servers->setValue('server','base',array('dc=example,dc=com'));
$servers->setValue('server','base',array('dc=wanasl,dc=lcl'));
.
.
$servers->setValue('login','auth_type','session');
.
.
//$servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');
$servers->setValue('login','bind_id','cn=admin,dc=wanasl,dc=lcl');
.
.
Sekarang anda dapat login ke phpldapadmin melalui :
http://192.168.100.26/phpldapadmin
Kemudian anda dapat melihat struktur direktori yang terbentuk disana, beserta progress perubahan struktur direktori nya kelak.
root@log-cstorage:/home/it# apt-get install samba-doc
root@log-cstorage:/home/it# cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz /etc/ldap/schema/
root@log-cstorage:/home/it# gzip -d /etc/ldap/schema/samba.schema.gz
root@log-cstorage:/home/it# cd /etc/ldap/schema/
root@log-cstorage:/etc/ldap/schema# vim schema_convert.conf
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/collective.schema
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/ppolicy.schema
include /etc/ldap/schema/ldapns.schema
include /etc/ldap/schema/pmi.schema
include /etc/ldap/schema/samba.schema
root@log-cstorage:/etc/ldap/schema# mkdir ldif_output
root@log-cstorage:/etc/ldap/schema# slapcat -f schema_convert.conf -F ldif_output -n 0 | grep samba,cn=schema
dn: cn={14}samba,cn=schema,cn=config
root@log-cstorage:/etc/ldap/schema# slapcat -f schema_convert.conf -F ldif_output -n0 -H ldap:///cn={14}samba,cn=schema,cn=config -l cn=samba.ldif
root@log-cstorage:/etc/ldap/schema# pico cn\=samba.ldif
.
.
.
.
structuralObjectClass: olcSchemaConfig
entryUUID: 40cda5dc-a789-1034-934d-9f867ebba8a8
creatorsName: cn=config
createTimestamp: 20150615090420Z
entryCSN: 20150615090420.350621Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150615090420Z
Hapus baris diatas (mulai kalimat : structuralObjectClass: ...).
root@log-cstorage:/etc/ldap/schema# cat cn\=samba.ldif
dn: cn={14}samba,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {14}samba
olcAttributeTypes: {0}( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'L
anManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1
21.1.26{32} SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'M
.
.
.
.
olcObjectClasses: {11}( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' DESC
'Samba Trusted Domain Object' SUP top STRUCTURAL MUST cn MAY ( sambaTrustTyp
e $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFla
tName $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdenti
fier $ sambaTrustForestTrustInfo $ sambaTrustPosixOffset $ sambaSupportedEncr
yptionTypes ) )
root@log-cstorage:/etc/ldap/schema# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\=samba.ldif
adding new entry "cn={14}samba,cn=schema,cn=config"
root@log-cstorage:/etc/ldap/schema# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
olcObjectIdentifier: OLcfg 1.3.6.1.4.1.4203.1.12.2
olcObjectIdentifier: OLcfgAt OLcfg:3
olcObjectIdentifier: OLcfgGlAt OLcfgAt:0
.
.
.
.
tName $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdenti
fier $ sambaTrustForestTrustInfo $ sambaTrustPosixOffset $ sambaSupportedEncr
yptionTypes ) )
root@log-cstorage:/etc/ldap/schema# mkdir ldif_file
root@log-cstorage:/etc/ldap/schema# cd ldif_file/
root@log-cstorage:/etc/ldap/schema/ldif_file# vim samba_index.ldif
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: loginShell eq
olcDbIndex: uid eq,pres,sub
olcDbIndex: memberUid eq,pres,sub
olcDbIndex: uniqueMember eq,pres
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: default sub
root@log-cstorage:/etc/ldap/schema/ldif_file# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f samba_index.ldif
modifying entry "olcDatabase={1}hdb,cn=config"
root@log-cstorage:/etc/ldap/schema/ldif_file# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config olcDatabase={1}hdb
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=wanasl,dc=lcl
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
s auth by dn="cn=admin,dc=wanasl,dc=lcl" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=wanasl,dc=lcl" write by *
read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=wanasl,dc=lcl
olcRootPW: {SSHA}7QDkiINClnnycRWY0EIghwBRmXqh+gPO
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: loginShell eq
olcDbIndex: uid eq,pres,sub
olcDbIndex: memberUid eq,pres,sub
olcDbIndex: uniqueMember eq,pres
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: default sub
root@log-cstorage:/etc/ldap/schema/ldif_file# vim logging.ldif
changetype: modify
replace: olcLogLevel
olcLogLevel: stats
root@log-cstorage:/etc/ldap/schema/ldif_file# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f logging.ldif
root@Plan-FileSrv:/opt/ldif-file# vim consumer_sync.ldif
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryUUID eq
-
add: olcSyncRepl
olcSyncRepl: rid=004 provider=ldap://ldap.wanasl.lcl bindmethod=simple binddn="cn=admin,dc=wanasl,dc=lcl" credentials=passwordAdminLDAPMaster searchbase="dc=wanasl,dc=lcl" logbase="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on type=refreshAndPersist retry="60 +" syncdata=accesslog
-
add: olcUpdateRef
olcUpdateRef: ldap://ldap.wanasl.lcl
Parameter rid masing-masing consumer berbeda2. Disini slave1 saya beri rid=000, slave2 rid=003, dan slave3 rid=004
root@log-cstorage:/etc/ldap/schema/ldif_file# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif
modifying entry "cn=module{0},cn=config"
modifying entry "olcDatabase={1}hdb,cn=config"
Silahkan cek di LDAP Slave3 ini, anda akan menemui banyak entri yang terdapat didalam nya sebagaimana yang terdapat didalam LDAP Master.
root@log-cstorage:/etc/ldap/schema/ldif_file# ldapsearch -x -b dc=wanasl,dc=lcl dn -h localhost
# extended LDIF
#
# LDAPv3
# base <dc=wanasl,dc=lcl> with scope subtree
# filter: (objectclass=*)
# requesting: dn
#
# wanasl.lcl
dn: dc=wanasl,dc=lcl
# admin, wanasl.lcl
dn: cn=admin,dc=wanasl,dc=lcl
.
.
# xerox-wsl3, Users, wanasl.lcl
dn: uid=xerox-wsl3,ou=Users,dc=wanasl,dc=lcl
# indah, Users, wanasl.lcl
dn: uid=indah,ou=Users,dc=wanasl,dc=lcl
# search result
search: 2
result: 0 Success
# numResponses: 81
# numEntries: 80
Atau buka phpldapadmin, maka anda akan melihat perubahan struktur folder dan mendapati banyak entri user dan group didalamnya, sama persis dengan yang terdapat pada LDAP Master.
http://192.168.100.26/phpldapadmin/
====================================================================================
Instalasi Dan Konfigurasi SAMBA SERVER + INTEGRASI DENGAN LDAP
====================================================================================
Tambahkan entri "slave3-ldap.wanasl.lcl" dan "log-cstorage.wanasl.lcl" pada DNS Server Master.
it@ns:~$ cat /etc/os-release
NAME="Ubuntu"
VERSION="12.04.5 LTS, Precise Pangolin"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu precise (12.04.5 LTS)"
VERSION_ID="12.04"
it@ns:~$ ifconfig
eth2 Link encap:Ethernet HWaddr 4a:f8:8d:37:15:ee
inet addr:172.16.16.106 Bcast:172.16.16.127 Mask:255.255.255.224
.
.
.
it@ns:~$ sudo vim /var/cache/bind/db.wanasl.lcl
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA ns.wanasl.lcl. havizul.wanasl.lcl. (
1505061741 ; Serial
.
.
Log-cStorage IN A 192.168.100.26
slave3-ldap IN A 192.168.100.26
.
.
it@ns:~$ sudo /etc/init.d/bind9 restart
Ingat, jangan lupa untuk menambahkan 1 nilai serial, agar DNS Slave mendapatkan update database name server terbaru dari DNS Master.
Kemudian, sebelum melanjutkan ke tahap berikutnya, reboot server slave3 ldap ini agar hostname berubah dengan yang baru.
root@log-cstorage:/etc/ldap/schema/ldif_file# reboot
==================================================================
Bersambung besok selasa, 15 Juni 2015.
Ikuti panduan ini : http://havizul.blogspot.com/2015/05/ubuntu-server-1204-bag-3-instalasi.html :
1. Instalasi dan Konfigurasi SAMBA Server
Tambahkan Samba Objects kedalam server LDAP.
.
.
.
Ini referensi yang kedua : http://havizul.blogspot.com/2015/05/ubuntu-server-1204-bag-4-instalasi.html
================================================
Dapat juga merujuk pada tutorial yang lalu : http://havizul.blogspot.com/2015/05/ubuntu-server-1204-bag-3-instalasi.html
it@log-cstorage:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:89:e5:42
inet addr:192.168.100.26 Bcast:192.168.100.63 Mask:255.255.255.192
inet6 addr: fe80::a00:27ff:fe89:e542/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
.
.
.
it@log-cstorage:~$ sudo su
Password:
root@log-cstorage:/home/it# apt-get install samba smbldap-tools
root@log-cstorage:/home/it# cp /usr/share/doc/smbldap-tools/examples/smbldap_bind.conf /etc/smbldap-tools/
root@log-cstorage:/home/it# cp /usr/share/doc/smbldap-tools/examples/smbldap.conf.gz /etc/smbldap-tools/
root@log-cstorage:/home/it# cd /etc/smbldap-tools/
root@log-cstorage:/etc/smbldap-tools# gzip -d smbldap.conf.gz
root@log-cstorage:/etc/smbldap-tools# ls -l
total 12
-rw-r--r-- 1 root root 490 Jun 16 11:09 smbldap_bind.conf
-rw-r--r-- 1 root root 7817 Jun 16 11:10 smbldap.conf
root@log-cstorage:/etc/smbldap-tools# net getlocalsid
SID for domain LOG-CSTORAGE is: S-1-5-21-483252857-2242810810-2295108987
root@log-cstorage:/etc/smbldap-tools# pico smbldap.conf
.
.
.
# Put your own SID. To obtain this number do: "net getlocalsid".
# If not defined, parameter is taking from "net getlocalsid" return
#SID="S-1-5-21-2252255531-4061614174-2474224977"
SID="S-1-5-21-483252857-2242810810-2295108987"
.
.
.
#sambaDomain="DOMSMB"
sambaDomain="LOG-CSTORAGE"
##############################################################################
#
# LDAP Configuration
#
##############################################################################
.
.
#slaveLDAP="ldap://ldap.example.com/"
slaveLDAP="ldap://ns.wanasl.lcl/"
.
.
.
#masterLDAP="ldap://ldap.example.com/"
masterLDAP="ldap://ns.wanasl.lcl/"
.
.
.
#ldapTLS="1"
ldapTLS="0"
.
.
.
suffix="dc=wanasl,dc=lcl"
.
.
.
# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
usersdn="ou=Users,${suffix}"
.
.
# Warning: if 'suffix' is not set here, you must set the full dn for computersdn
computersdn="ou=Computers,${suffix}"
.
.
# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
groupsdn="ou=Groups,${suffix}"
.
.
# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
idmapdn="ou=Idmap,${suffix}"
.
.
# Ex: mailDomain="idealx.com"
#mailDomain="example.com"
mailDomain="wanasl.lcl"
##############################################################################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
##############################################################################
.
.
.
root@log-cstorage:/etc/smbldap-tools# pico smbldap_bind.conf
.
.
slaveDN="cn=admin,dc=wanasl,dc=lcl"
slavePw="passwordAdminLDAPSlave"
masterDN="cn=admin,dc=wanasl,dc=lcl"
masterPw="passwordAdminLDAPMaster"
.
.
root@log-cstorage:/etc/smbldap-tools# chmod 0644 smbldap.conf
root@log-cstorage:/etc/smbldap-tools# chmod 0600 smbldap_bind.conf
root@log-cstorage:/etc/smbldap-tools# smbldap-populate
Populating LDAP directory for domain wanasl.lcl (S-1-5-21-483252857-2242810810-2295108987)
(using builtin directory structure)
entry dc=wanasl,dc=lcl already exist.
entry ou=Users,dc=wanasl,dc=lcl already exist.
entry ou=Groups,dc=wanasl,dc=lcl already exist.
entry ou=Computers,dc=wanasl,dc=lcl already exist.
entry ou=Idmap,dc=wanasl,dc=lcl already exist.
adding new entry: sambaDomainName=wanasl.lcl,dc=wanasl,dc=lcl
entry uid=root,ou=Users,dc=wanasl,dc=lcl already exist.
entry uid=nobody,ou=Users,dc=wanasl,dc=lcl already exist.
entry cn=Domain Admins,ou=Groups,dc=wanasl,dc=lcl already exist.
entry cn=Domain Users,ou=Groups,dc=wanasl,dc=lcl already exist.
entry cn=Domain Guests,ou=Groups,dc=wanasl,dc=lcl already exist.
entry cn=Domain Computers,ou=Groups,dc=wanasl,dc=lcl already exist.
entry cn=Administrators,ou=Groups,dc=wanasl,dc=lcl already exist.
entry cn=Account Operators,ou=Groups,dc=wanasl,dc=lcl already exist.
entry cn=Print Operators,ou=Groups,dc=wanasl,dc=lcl already exist.
entry cn=Backup Operators,ou=Groups,dc=wanasl,dc=lcl already exist.
entry cn=Replicators,ou=Groups,dc=wanasl,dc=lcl already exist.
Please provide a password for the domain root:
Changing UNIX and samba passwords for root
New password:
Retype new password:
root@log-cstorage:/etc/smbldap-tools# ldapsearch -x -LLL -H ldap://ldap.wanasl.lcl -b dc=wanasl,dc=lcl
dn: dc=wanasl,dc=lcl
objectClass: top
objectClass: dcObject
objectClass: organization
o: wanasl.lcl
dc: wanasl
.
.
.
dn: sambaDomainName=ACC-CSTORAGE,dc=wanasl,dc=lcl
sambaDomainName: ACC-CSTORAGE
sambaSID: S-1-5-21-2224689042-38236756-2276376706
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0
dn: sambaDomainName=LOG-CSTORAGE,dc=wanasl,dc=lcl
objectClass: sambaDomain
objectClass: sambaUnixIdPool
uidNumber: 1000
gidNumber: 1000
sambaSID: S-1-5-21-483252857-2242810810-2295108987
sambaDomainName: LOG-CSTORAGE
sambaNextRid: 1000
dn: sambaDomainName=PLAN-CSTORAGE,dc=wanasl,dc=lcl
sambaDomainName: PLAN-CSTORAGE
sambaSID: S-1-5-21-3385463731-2437117438-382679373
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0
root@log-cstorage:/etc/smbldap-tools# pico /etc/samba/smb.conf
workgroup = WANASL
security = user
passdb backend = ldapsam:ldap://ldap.wanasl.lcl/
ldap ssl = off
obey pam restrictions = no
#==========================================================
#LDAP SAM
#=========================================================
ldap admin dn = cn=admin,dc=wanasl,dc=lcl
ldap suffix = dc=wanasl,dc=lcl
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *All*authentication*tokens*updated*
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -W "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
domain logons = yes
root@log-cstorage:/etc/smbldap-tools# /etc/init.d/smbd restart
root@log-cstorage:/etc/smbldap-tools# /etc/init.d/nmbd restart
root@log-cstorage:/etc/smbldap-tools# mkdir /home/Logistik
root@log-cstorage:/etc/smbldap-tools# mkdir /home/SnF
root@log-cstorage:/etc/smbldap-tools# mkdir /home/RnD
root@log-cstorage:/etc/smbldap-tools# groupadd logistik -g 1500
root@log-cstorage:/etc/smbldap-tools# groupadd RnD -g 1700
root@log-cstorage:/etc/smbldap-tools# groupadd SnF -g 1800
root@log-cstorage:/etc/smbldap-tools# useradd takeuchi -m -d /home/Logistik/Takeuchi -u 1501 -g 1500
root@log-cstorage:/etc/smbldap-tools# useradd setiawan -m -d /home/Logistik/Setiawan -u 1502 -g 1500
root@log-cstorage:/etc/smbldap-tools# useradd tika -m -d /home/Logistik/Tika -u 1503 -g 1500
root@log-cstorage:/etc/smbldap-tools# useradd mustaqim -m -d /home/Logistik/Mustaqim -u 1504 -g 1500
root@log-cstorage:/etc/smbldap-tools# useradd asbani -m -d /home/Logistik/Asbani -u 1505 -g 1500
root@log-cstorage:/etc/smbldap-tools# ls -l /home/Logistik/
total 20
drwxr-xr-x 2 asbani logistik 4096 Jun 16 13:16 Asbani
drwxr-xr-x 2 mustaqim logistik 4096 Jun 16 13:16 Mustaqim
drwxr-xr-x 2 setiawan logistik 4096 Jun 16 13:15 Setiawan
drwxr-xr-x 2 takeuchi logistik 4096 Jun 16 13:14 Takeuchi
drwxr-xr-x 2 tika logistik 4096 Jun 16 13:15 Tika
root@log-cstorage:/etc/smbldap-tools# useradd rafinosa -m -d /home/RnD/Rafinosa -u 1701 -g 1700
root@log-cstorage:/etc/smbldap-tools# useradd ahmadi -m -d /home/RnD/Ahmadi -u 1702 -g 1700
root@log-cstorage:/etc/smbldap-tools# useradd eci -m -d /home/RnD/Eci -u 1703 -g 1700
root@log-cstorage:/etc/smbldap-tools# ls -l /home/RnD/
total 12
drwxr-xr-x 2 ahmadi RnD 4096 Jun 16 13:19 Ahmadi
drwxr-xr-x 2 eci RnD 4096 Jun 16 13:20 Eci
drwxr-xr-x 2 rafinosa RnD 4096 Jun 16 13:19 Rafinosa
root@log-cstorage:/etc/smbldap-tools# useradd rusdy -m -d /home/SnF/Rusdy -u 1801 -g 1800
root@log-cstorage:/etc/smbldap-tools# useradd alfonsius -m -d /home/SnF/Alfonsius -u 1802 -g 1800
root@log-cstorage:/etc/smbldap-tools# useradd dedy -m -d /home/SnF/Dedy -u 1803 -g 1800
root@log-cstorage:/etc/smbldap-tools# useradd ipan -m -d /home/SnF/Ipan -u 1804 -g 1800
root@log-cstorage:/etc/smbldap-tools# useradd dwi -m -d /home/SnF/Dwi -u 1805 -g 1800
root@log-cstorage:/etc/smbldap-tools# ls -l /home/SnF/
total 20
drwxr-xr-x 2 alfonsius SnF 4096 Jun 16 13:23 Alfonsius
drwxr-xr-x 2 dedy SnF 4096 Jun 16 13:23 Dedy
drwxr-xr-x 2 dwi SnF 4096 Jun 16 13:24 Dwi
drwxr-xr-x 2 ipan SnF 4096 Jun 16 13:24 Ipan
drwxr-xr-x 2 rusdy SnF 4096 Jun 16 13:22 Rusdy
root@log-cstorage:/etc/smbldap-tools# chown root.logistik /home/Logistik/
root@log-cstorage:/etc/smbldap-tools# chown root.RnD /home/RnD/
root@log-cstorage:/etc/smbldap-tools# chown root.SnF /home/SnF/
root@log-cstorage:/etc/smbldap-tools# ls -l /home/
total 16
drwxr-xr-x 3 it it 4096 Jun 15 15:22 it
drwxr-xr-x 7 root logistik 4096 Jun 16 13:16 Logistik
drwxr-xr-x 5 root RnD 4096 Jun 16 13:20 RnD
drwxr-xr-x 7 root SnF 4096 Jun 16 13:24 SnF
root@log-cstorage:/etc/smbldap-tools# chmod -R 0740 /home/Logistik/*
root@log-cstorage:/etc/smbldap-tools# chmod -R 0740 /home/RnD/*
root@log-cstorage:/etc/smbldap-tools# chmod -R 0740 /home/SnF/*
root@log-cstorage:/etc/smbldap-tools# ls -l /home/Logistik/
total 20
drwxr----- 2 asbani logistik 4096 Jun 16 13:16 Asbani
drwxr----- 2 mustaqim logistik 4096 Jun 16 13:16 Mustaqim
drwxr----- 2 setiawan logistik 4096 Jun 16 13:15 Setiawan
drwxr----- 2 takeuchi logistik 4096 Jun 16 13:14 Takeuchi
drwxr----- 2 tika logistik 4096 Jun 16 13:15 Tika
root@log-cstorage:/etc/smbldap-tools# chown it.it /home/Public
root@log-cstorage:/etc/smbldap-tools# chmod -R 0777 /home/Public
root@log-cstorage:/etc/smbldap-tools# chmod +t /home/Public
root@log-cstorage:/etc/smbldap-tools# ls -l /home/
total 20
drwxr-xr-x 3 it it 4096 Jun 15 15:22 it
drwxr-xr-x 7 root logistik 4096 Jun 16 13:16 Logistik
drwxrwxrwt 2 it it 4096 Jun 16 13:37 Public
drwxr-xr-x 5 root RnD 4096 Jun 16 13:20 RnD
drwxr-xr-x 7 root SnF 4096 Jun 16 13:24 SnF
root@log-cstorage:/etc/smbldap-tools# groupadd sakura-group2 -g 4000
root@log-cstorage:/etc/smbldap-tools# mkdir /home/Sakura-Group2
root@log-cstorage:/etc/smbldap-tools# useradd muraki -m -d /home/Sakura-Group2/Muraki -u 4002 -g 4000
root@log-cstorage:/etc/smbldap-tools# chown root.sakura-group2 /home/Sakura-Group2
root@log-cstorage:/etc/smbldap-tools# chmod -R 0740 /home/Sakura-Group2/*
root@log-cstorage:/etc/smbldap-tools# ls -l /home/Sakura-Group2/
total 4
drwxr----- 2 muraki sakura-group2 4096 Jun 16 13:47 Muraki
Lengkapi file konfigurasi samba sehingga seperti berikut ini.
root@log-cstorage:/etc/smbldap-tools# pico /etc/samba/smb.conf
[global]
workgroup = WANASL.LCL
server string = %h server (Samba, Ubuntu)
server role = standalone server
map to guest = Bad User
obey pam restrictions = Yes
passdb backend = ldapsam:"ldap://ns.wanasl.lcl"
pam password change = Yes
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
printcap name = cups
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
dns proxy = No
ldap admin dn = cn=admin,dc=wanasl,dc=lcl
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Users
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=wanasl,dc=lcl
ldap ssl = no
ldap user suffix = ou-Users
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
print ok = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[Public]
comment = Writeable Public File Sharing
path = /home/Public
read only = No
force create mode = 0777
force directory mode = 0777
guest ok = Yes
[Logistik]
comment = Logistik Dept
path = /home/Logistik
valid users = takeuchi, setiawan, tika, mustaqim, asbani
force group = logistik
read only = No
force create mode = 0740
force directory mode = 0740
inherit permissions = Yes
delete veto files = Yes
veto files = /*.mp3/*.mpeg/*.mpg/*.avi/*.asf/*.wmv/*.3gp/*.dat/*.iso/*.exe/
[RnD]
comment = RnD Dept
path = /home/RnD
valid users = rafinosa, ahmadi, eci
force group = RnD
read only = No
force create mode = 0740
force directory mode = 0740
inherit permissions = Yes
delete veto files = Yes
veto files = /*.mp3/*.mpeg/*.mpg/*.avi/*.asf/*.wmv/*.3gp/*.dat/*.iso/*.exe/
[SnF]
comment = SnF Dept
path = /home/SnF
valid users = rusdy, alfonsius, dedy, ipan, dwi
force group = SnF
read only = No
force create mode = 0740
force directory mode = 0740
inherit permissions = Yes
delete veto files = Yes
veto files = /*.mp3/*.mpeg/*.mpg/*.avi/*.asf/*.wmv/*.3gp/*.dat/*.iso/*.exe/
[Sakura-Group2]
comment = Sakura Group 2
path = /home/Sakura-Group2
valid users = muraki
force group = sakura-group2
read only = No
force create mode = 0740
force directory mode = 0740
inherit permissions = Yes
delete veto files = Yes
veto files = /*.mp3/*.mpeg/*.mpg/*.avi/*.asf/*.wmv/*.3gp/*.dat/*.iso/*.exe/
root@log-cstorage:/etc/smbldap-tools# /etc/init.d/smbd restart
root@log-cstorage:/etc/smbldap-tools# /etc/init.d/nmbd restart
root@log-cstorage:/etc/smbldap-tools# smbldap-groupadd -g 15000 logistik
root@log-cstorage:/etc/smbldap-tools# smbldap-groupadd -g 17000 RnD
root@log-cstorage:/etc/smbldap-tools# smbldap-groupadd -g 18000 SnF
root@log-cstorage:/etc/smbldap-tools# smbldap-groupadd -g 40000 sakura-group2
root@log-cstorage:/etc/smbldap-tools# smbldap-groupshow RnD
dn: cn=RnD,ou=Groups,dc=wanasl,dc=lcl
objectClass: top,posixGroup
cn: RnD
gidNumber: 17000
root@log-cstorage:/etc/smbldap-tools# smbldap-useradd -d /home/Sakura-Group2/Muraki/ -u 40002 -g 40000 muraki
root@log-cstorage:/etc/smbldap-tools# smbldap-useradd -d /home/Logistik/Takeuchi/ -u 15001 -g 15000 takeuchi
root@log-cstorage:/etc/smbldap-tools# smbldap-useradd -d /home/Logistik/Setiawan/ -u 15002 -g 15000 setiawan
root@log-cstorage:/etc/smbldap-tools# smbldap-useradd -d /home/Logistik/Tika/ -u 15003 -g 15000 tika
root@log-cstorage:/etc/smbldap-tools# smbldap-useradd -d /home/Logistik/Mustaqim/ -u 15004 -g 15000 mustaqim
root@log-cstorage:/etc/smbldap-tools# smbldap-useradd -d /home/Logistik/Asbani/ -u 15005 -g 15000 asbani
root@log-cstorage:/etc/smbldap-tools# smbldap-usershow mustaqim
dn: uid=mustaqim,ou=Users,dc=wanasl,dc=lcl
objectClass: top,person,organizationalPerson,posixAccount,shadowAccount,inetOrgPerson
cn: mustaqim
sn: mustaqim
uid: mustaqim
uidNumber: 15004
gidNumber: 15000
homeDirectory: /home/Logistik/Mustaqim/
loginShell: /bin/bash
gecos: System User
userPassword: {crypt}x
givenName: mustaqim
root@log-cstorage:/etc/smbldap-tools# id rafinosa
uid=1701(rafinosa) gid=1700(RnD) groups=1700(RnD)
root@log-cstorage:/etc/smbldap-tools# id ahmadi
uid=1702(ahmadi) gid=1700(RnD) groups=1700(RnD)
root@log-cstorage:/etc/smbldap-tools# id eci
uid=1703(eci) gid=1700(RnD) groups=1700(RnD)
root@log-cstorage:/etc/smbldap-tools# smbldap-useradd -d /home/RnD/Rafinosa/ -u 17001 -g 17000 rafinosa
root@log-cstorage:/etc/smbldap-tools# smbldap-useradd -d /home/RnD/Ahmadi/ -u 17002 -g 17000 ahmadi
root@log-cstorage:/etc/smbldap-tools# smbldap-useradd -d /home/RnD/Eci/ -u 17003 -g 17000 eci
root@log-cstorage:/etc/smbldap-tools# smbldap-usershow eci
dn: uid=eci,ou=Users,dc=wanasl,dc=lcl
objectClass: top,person,organizationalPerson,posixAccount,shadowAccount,inetOrgPerson
cn: eci
sn: eci
uid: eci
uidNumber: 17003
gidNumber: 17000
homeDirectory: /home/RnD/Eci/
loginShell: /bin/bash
gecos: System User
userPassword: {crypt}x
givenName: eci
root@log-cstorage:/etc/smbldap-tools# id rusdy
uid=1801(rusdy) gid=1800(SnF) groups=1800(SnF)
root@log-cstorage:/etc/smbldap-tools# id alfonsius
uid=1802(alfonsius) gid=1800(SnF) groups=1800(SnF)
root@log-cstorage:/etc/smbldap-tools# id dedy
uid=1803(dedy) gid=1800(SnF) groups=1800(SnF)
root@log-cstorage:/etc/smbldap-tools# id ipan
uid=1804(ipan) gid=1800(SnF) groups=1800(SnF)
root@log-cstorage:/etc/smbldap-tools# id dwi
uid=1805(dwi) gid=1800(SnF) groups=1800(SnF)
root@log-cstorage:/etc/smbldap-tools# smbldap-useradd -d /home/SnF/Rusdy/ -u 18001 -g 18000 rusdy
root@log-cstorage:/etc/smbldap-tools# smbldap-useradd -d /home/SnF/Alfonsius/ -u 18002 -g 18000 alfonsius
root@log-cstorage:/etc/smbldap-tools# smbldap-useradd -d /home/SnF/Dedy/ -u 18003 -g 18000 dedy
root@log-cstorage:/etc/smbldap-tools# smbldap-useradd -d /home/SnF/Ipan/ -u 18004 -g 18000 ipan
root@log-cstorage:/etc/smbldap-tools# smbldap-useradd -d /home/SnF/Dwi/ -u 18005 -g 18000 dwi
root@log-cstorage:/etc/smbldap-tools# smbldap-usershow ipan
dn: uid=ipan,ou=Users,dc=wanasl,dc=lcl
objectClass: top,person,organizationalPerson,posixAccount,shadowAccount,inetOrgPerson
cn: ipan
sn: ipan
uid: ipan
uidNumber: 18004
gidNumber: 18000
homeDirectory: /home/SnF/Ipan/
loginShell: /bin/bash
gecos: System User
userPassword: {crypt}x
givenName: ipan
Buat password samba setiap user sekaligus password ldap (otomatis).
root@log-cstorage:/etc/smbldap-tools# smbpasswd -a asbani
fetch_ldap_pw: neither ldap secret retrieved!
pdb_init_ldapsam_common: Failed to retrieve LDAP password from secrets.tdb
pdb backend ldapsam:ldap://ldap.wanasl.lcl/ did not correctly init (error was NT_STATUS_NO_MEMORY)
Failed to open passdb!
Apa yang terjadi ? Karena anda belum memberitahu samba password admin LDAP. Beri tahu samba pasword admin LDAP.
root@log-cstorage:/etc/smbldap-tools# smbpasswd -W
Setting stored password for "cn=admin,dc=wanasl,dc=lcl" in secrets.tdb
New SMB password:***** <--- Masukkan password admin LDAP
Retype new SMB password:***** <--- Konfirmasi
Sekarang coba kembali buat password samba user (sekaligus secara otomatis password ldap user tersebut akan dibuat).
root@log-cstorage:/etc/smbldap-tools# smbpasswd -a asbani
New SMB password:
Retype new SMB password:
Added user asbani.
Sukseskan ? Lanjutkan.
root@log-cstorage:/etc/smbldap-tools# ls -l /home/Logistik/
total 20
drwxr----- 2 asbani logistik 4096 Jun 16 13:16 Asbani
drwxr----- 2 mustaqim logistik 4096 Jun 16 13:16 Mustaqim
drwxr----- 2 setiawan logistik 4096 Jun 16 13:15 Setiawan
drwxr----- 2 takeuchi logistik 4096 Jun 16 13:14 Takeuchi
drwxr----- 2 tika logistik 4096 Jun 16 13:15 Tika
root@log-cstorage:/etc/smbldap-tools# smbpasswd -a mustaqim
New SMB password:
root@log-cstorage:/etc/smbldap-tools# smbpasswd -a mustaqim
New SMB password:
Retype new SMB password:
Added user mustaqim.
root@log-cstorage:/etc/smbldap-tools# smbpasswd -a setiawan
New SMB password:
Retype new SMB password:
Added user setiawan.
root@log-cstorage:/etc/smbldap-tools# smbpasswd -a tika
New SMB password:
Retype new SMB password:
Added user tika.
root@log-cstorage:/etc/smbldap-tools# smbpasswd -a takeuchi
New SMB password:
Retype new SMB password:
Added user takeuchi.
root@log-cstorage:/etc/smbldap-tools# smbldap-usershow setiawan
dn: uid=setiawan,ou=Users,dc=wanasl,dc=lcl
objectClass: top,person,organizationalPerson,posixAccount,shadowAccount,inetOrgPerson,sambaSamAccount
cn: setiawan
sn: setiawan
uid: setiawan
uidNumber: 15002
gidNumber: 15000
homeDirectory: /home/Logistik/Setiawan/
loginShell: /bin/bash
gecos: System User
givenName: setiawan
sambaSID: S-1-5-21-483252857-2242810810-2295108987-1003
userPassword: {SSHA}OBBOG6f0Xi66NR75EAeueVgWlH13yzc/
sambaNTPassword: D4A8AD1F46EE55F4B0A3577F717B0A30
sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
sambaPwdLastSet: 1434440285
sambaAcctFlags: [U ]
root@log-cstorage:/etc/smbldap-tools# ls -l /home/RnD/
total 12
drwxr----- 2 ahmadi RnD 4096 Jun 16 13:19 Ahmadi
drwxr----- 2 eci RnD 4096 Jun 16 13:20 Eci
drwxr----- 2 rafinosa RnD 4096 Jun 16 13:19 Rafinosa
root@log-cstorage:/etc/smbldap-tools# smbpasswd -a ahmadi
New SMB password:
Retype new SMB password:
Added user ahmadi.
root@log-cstorage:/etc/smbldap-tools# smbpasswd -a eci
New SMB password:
Retype new SMB password:
Added user eci.
root@log-cstorage:/etc/smbldap-tools# smbpasswd -a rafinosa
New SMB password:
Retype new SMB password:
Added user rafinosa.
root@log-cstorage:/etc/smbldap-tools# smbldap-usershow rafinosa
dn: uid=rafinosa,ou=Users,dc=wanasl,dc=lcl
objectClass: top,person,organizationalPerson,posixAccount,shadowAccount,inetOrgPerson,sambaSamAccount
cn: rafinosa
sn: rafinosa
uid: rafinosa
uidNumber: 17001
gidNumber: 17000
homeDirectory: /home/RnD/Rafinosa/
loginShell: /bin/bash
gecos: System User
givenName: rafinosa
sambaSID: S-1-5-21-483252857-2242810810-2295108987-1008
userPassword: {SSHA}NsAWvpMc34TfHJsUkiwTDuf8Os3P8CFv
sambaNTPassword: 9D4F6BB995711DE2418E82156A35F8CC
sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
sambaPwdLastSet: 1434440469
sambaAcctFlags: [U ]
root@log-cstorage:/etc/smbldap-tools# ls -l /home/SnF/
total 20
drwxr----- 2 alfonsius SnF 4096 Jun 16 13:23 Alfonsius
drwxr----- 2 dedy SnF 4096 Jun 16 13:23 Dedy
drwxr----- 2 dwi SnF 4096 Jun 16 13:24 Dwi
drwxr----- 2 ipan SnF 4096 Jun 16 13:24 Ipan
drwxr----- 2 rusdy SnF 4096 Jun 16 13:22 Rusdy
root@log-cstorage:/etc/smbldap-tools# smbpasswd -a alfonsius
New SMB password:
Retype new SMB password:
Added user alfonsius.
root@log-cstorage:/etc/smbldap-tools# smbpasswd -a dedy
New SMB password:
Retype new SMB password:
Added user dedy.
root@log-cstorage:/etc/smbldap-tools# smbpasswd -a dwi
New SMB password:
Retype new SMB password:
Added user dwi.
root@log-cstorage:/etc/smbldap-tools# smbpasswd -a ipan
New SMB password:
Retype new SMB password:
Added user ipan.
root@log-cstorage:/etc/smbldap-tools# smbpasswd -a rusdy
New SMB password:
Retype new SMB password:
Added user rusdy.
root@log-cstorage:/etc/smbldap-tools# smbpasswd -a muraki
New SMB password:
Retype new SMB password:
Added user muraki.
Jika anda menghendaki password LDAP milik user berbeda dengan password SAMBA, maka ubah saja password LDAP user, ini tidak akan mempengaruhi atau merubah password SAMBA user sebagaimana jika kita mengubah password SAMBA user yang juga akan ikut mengubah password LDAP user. Berikut ini adalah merubah password ldap user langsung melalui host LDAP Master.
it@ns:~$ ldappasswd -x -D "cn=admin,dc=wanasl,dc=lcl" -W 'uid=muraki,ou=Users,dc=wanasl,dc=lcl' -S
New password: <-- Password User LDAP yang baru
Re-enter new password: <-- Konfirmasi Password baru
Enter LDAP Password: <-- Password Admin LDAP
Jika kita mau mengubah password LDAP User dari host LDAP Slave, maka gunakan opsi -h yang menunjukkan lokasi host LDAP Master.
root@log-cstorage:/home/it# ldappasswd -x -D "cn=admin,dc=wanasl,dc=lcl" -h ldap.wanasl.lcl -W 'uid=takeuchi,ou=Users,dc=wanasl,dc=lcl' -S
New password: <-- Password User LDAP yang baru
Re-enter new password: <-- Konfirmasi Password baru
Enter LDAP Password: <-- Password Admin LDAP
Pada kasus yang saya alami :
1. Jika mengganti password samba user dengan perintah "smbpasswd -a username", maka password LDAP ikut berubah, Password Samba berubah, Password User Linux (System) tidak berubah.
2. Jika mengganti password user linux dengan perintah "passwd username", maka password user linux (system) berubah, password samba berubah, dan password LDAP berubah.
3. Jika mengganti password user LDAP dengan perintah "ldappasswd -x -D "cn=admin,dc=wanasl,dc=lcl" -h ldap.wanasl.lcl -W 'uid=takeuchi,ou=Users,dc=wanasl,dc=lcl' -S", maka Password LDAP berubah, password SAMBA tidak berubah, dan password User Linux (System) tidak berubah.
============================================================
Instalasi Owncloud dan Konfigurasi Virtual Host Name Based
============================================================
Pertama-tama install Apache, PHP, MySQL, Cara yang menurut saya paling mudah adalah dengan perintah "apt-get install lamp-server^". Berikut kondisi kebutuhan paket pada system ubuntu yang syaa gunakan.
root@log-cstorage:/home/it# dpkg -l | grep apache
ii apache2 2.4.7-1ubuntu4.4 amd64 Apache HTTP Server
ii apache2-bin 2.4.7-1ubuntu4.4 amd64 Apache HTTP Server (binary files and modules)
ii apache2-data 2.4.7-1ubuntu4.4 all Apache HTTP Server (common files)
ii apache2-mpm-prefork 2.4.7-1ubuntu4.4 amd64 transitional prefork MPM package for apache2
ii libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.9 amd64 server-side, HTML-embedded scripting language (Apache 2 module)
root@log-cstorage:/home/it# dpkg -l | grep php
ii libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.9 amd64 server-side, HTML-embedded scripting language (Apache 2 module)
ii php5-cli 5.5.9+dfsg-1ubuntu4.9 amd64 command-line interpreter for the php5 scripting language
ii php5-common 5.5.9+dfsg-1ubuntu4.9 amd64 Common files for packages built from the php5 source
ii php5-json 1.3.2-2build1 amd64 JSON module for php5
ii php5-ldap 5.5.9+dfsg-1ubuntu4.9 amd64 LDAP module for php5
ii php5-mysql 5.5.9+dfsg-1ubuntu4.9 amd64 MySQL module for php5
ii php5-readline 5.5.9+dfsg-1ubuntu4.9 amd64 Readline module for php5
ii phpldapadmin 1.2.2-5ubuntu1.1 all web based interface for administering LDAP servers
root@log-cstorage:/home/it# dpkg -l | grep mysql
ii libdbd-mysql-perl 4.025-1 amd64 Perl5 database interface to the MySQL database
ii libmysqlclient18:amd64 5.5.43-0ubuntu0.14.04.1 amd64 MySQL database client library
ii mysql-client-5.5 5.5.43-0ubuntu0.14.04.1 amd64 MySQL database client binaries
ii mysql-client-core-5.5 5.5.43-0ubuntu0.14.04.1 amd64 MySQL database core client binaries
ii mysql-common 5.5.43-0ubuntu0.14.04.1 all MySQL database common files, e.g. /etc/mysql/my.cnf
ii mysql-server 5.5.43-0ubuntu0.14.04.1 all MySQL database server (metapackage depending on the latest version)
ii mysql-server-5.5 5.5.43-0ubuntu0.14.04.1 amd64 MySQL database server binaries and system database setup
ii mysql-server-core-5.5 5.5.43-0ubuntu0.14.04.1 amd64 MySQL database server binaries
ii php5-mysql 5.5.9+dfsg-1ubuntu4.9 amd64 MySQL module for php5
root@log-cstorage:/home/it# dpkg -l | grep php5
ii libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.9 amd64 server-side, HTML-embedded scripting language (Apache 2 module)
ii php5-cli 5.5.9+dfsg-1ubuntu4.9 amd64 command-line interpreter for the php5 scripting language
ii php5-common 5.5.9+dfsg-1ubuntu4.9 amd64 Common files for packages built from the php5 source
ii php5-json 1.3.2-2build1 amd64 JSON module for php5
ii php5-ldap 5.5.9+dfsg-1ubuntu4.9 amd64 LDAP module for php5
ii php5-mysql 5.5.9+dfsg-1ubuntu4.9 amd64 MySQL module for php5
ii php5-readline 5.5.9+dfsg-1ubuntu4.9 amd64 Readline module for php5
Lanjutkan dengan menginstall modul-modul php yang dibutuhkan Owncloud.
root@log-cstorage:/home/it# apt-get install php5-gd php5-json php5-curl php5-intl php5-mcrypt php5-imagick php5-ldap
Agar Owncloud bisa koneksi ke samba server, install samba client.
root@log-cstorage:/home/it# apt-get install smbclient
Amankan MySQL Server kemudian buat database baru untuk server Owncloud.
root@log-cstorage:/home/it# mysql_secure_installation
Enter current password for root (enter for none): <--Masukkan password root mysql saat instalasi LAMP-Server
Change the root password? [Y/n] y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
root@log-cstorage:/home/it# mysql -u root -p
Enter password:
mysql> CREATE USER 'owncloud-log'@'localhost' IDENTIFIED BY 'password-for-owncloud-log-user';
mysql> CREATE DATABASE ownclouddb;
mysql> GRANT ALL ON ownclouddb.* TO 'owncloud-log'@'localhost';
mysql> FLUSH PRIVILEGES;
mysql> exit
Download dan ekstrak paket instalasi Owncloud.
root@log-cstorage:/home/it# wget -c https://download.owncloud.org/community/owncloud-8.0.3.tar.bz2
root@log-cstorage:/home/it# tar -xvf owncloud-8.0.3.tar.bz2 -C /var/www/html/
root@log-cstorage:/home/it# mv /var/www/html/owncloud/ /var/www/html/log-cstorage
root@log-cstorage:/home/it# chown -R www-data.www-data /var/www/html/log-cstorage
Konfigurasi Virtual Host Apache berbasis nama.
root@log-cstorage:/home/it# cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/log-cstorage.conf
root@log-cstorage:/home/it# pico /etc/apache2/sites-available/log-cstorage.conf
root@log-cstorage:/home/it# cat /etc/apache2/sites-available/log-cstorage.conf <VirtualHost *:80>
ServerAdmin havizul@wanasl.lcl
ServerName log-cstorage.wanasl.lcl
ServerAlias www.log-cstorage.wanasl.lcl
DocumentRoot /var/www/html/log-cstorage
<Directory /var/www/html/log-cstorage>
Options FollowSymLinks
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
root@log-cstorage:/home/it# a2ensite log-cstorage.conf
Enabling site log-cstorage.
To activate the new configuration, you need to run:
service apache2 reload
root@Plan-cStorage:~# a2dissite 000-default.conf
Site 000-default disabled.
To activate the new configuration, you need to run:
service apache2 reload
root@log-cstorage:/home/it# a2enmod rewrite
Enabling module rewrite.
To activate the new configuration, you need to run:
service apache2 restart
root@log-cstorage:/home/it# service apache2 restart
* Restarting web server apache2
root@log-cstorage:/home/it# pico /etc/hosts
127.0.0.1 localhost.localdomain log-cstorage
192.168.100.26 slave3-ldap.wanasl.lcl slave3-ldap
192.168.100.26 log-cstorage.wanasl.lcl log-cstorage
LANGKAH TERAKHIR. INSTALASI OWNCLOUD MELALUI WEB BROWSER.
Buka browser dan menuju ke : http://log-cstorage.wanasl.lcl/. Kemudian isikan data-data seperti berikut ini.
Create an admin account :
Username = local-admin
Password = 123e4r5
Storage :
Data Folder = /var/www/html/acc-cstorage/data
Database (MySQL) :
Database user = owncloud-log
Database password = password-for-owncloud-acc-user
Database name = ownclouddb
Location = localhost
FINISH SETUP
Konfigurasi Selanjutnya (Menambahkan Apps).
1. Klik Apps pada menu pojok kiri atas.
2. Pada menu bagian sisi paling kiri klik "Not enabled"
3. Enable "External storage support" untuk mengakses samba dan lainnya
4. Enable "LDAP user and group backend" untuk menggunakan user2 dan group2 LDAP.
Konfigurasi Selanjutnya. (Setting LDAP Server).
1. Pada pojok kanan atas klik simbol segitiga terbalik.
2. Klik Admin
3. Pada bagian LDAP setting Server, User Filter, Login Filter, dan Group Filter.
Konfigurasi selanjutnya. Setting agar Owncloud menggunakan username LDAP sebagai Username Owncloud dari pada menggunakan Internal Attribute LDAP (entryUUID).
1. Pada pojok kanan atas klik simbol segitiga terbalik.
2. Klik Admin
3. Pada bagian LDAP. Klik tab Expert (tab paling ujung kanan)
4. Pada bagian Internal Username, isikan "uid" (Tanpa tanda petik) di kolom "Internal Username Attribute:".
5. Pada bagian "Username-LDAP User Mapping" klik "Clear Username-LDAP User Mapping" dan "Clear Goupname-LDAP Group Mapping".
6. Save.
7. Silahkan cek kembali user-user Owncloud, pada pojok kanan atas, klik Users.
8. Sekarang Username bagi user2 owncloud sudah menggunakan uid LDAP, tidak lagi menggunakan entryUUID.
SELESAI.
root@log-cstorage:/etc/smbldap-tools# pico /etc/security/limits.conf
.
.
.
#ftp hard nproc 0
#ftp - chroot /ftp
#@student - maxlogins 4
* - nofile 16384
# End of file
Tidak ada komentar:
Posting Komentar